1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-27 02:08:54 +00:00

key: uses key_cls.TYPES_ACCEPTABLE to dispatch

for now only a quite simple change, replacing the hardcoded PassphraseKey -> RepoKey dispatching.
This commit is contained in:
Thomas Waldmann 2022-03-06 17:03:58 +01:00
parent 6cd0f6de49
commit d42e6f2c41

View file

@ -145,6 +145,8 @@ def tam_required(repository):
class KeyBase: class KeyBase:
# Numeric key type ID, must fit in one byte. # Numeric key type ID, must fit in one byte.
TYPE = None # override in subclasses TYPE = None # override in subclasses
# set of key type IDs the class can handle as input
TYPES_ACCEPTABLE = None # override in subclasses
# Human-readable name # Human-readable name
NAME = 'UNDEFINED' NAME = 'UNDEFINED'
@ -259,6 +261,7 @@ def unpack_and_verify_manifest(self, data, force_tam_not_required=False):
class PlaintextKey(KeyBase): class PlaintextKey(KeyBase):
TYPE = 0x02 TYPE = 0x02
TYPES_ACCEPTABLE = {TYPE}
NAME = 'plaintext' NAME = 'plaintext'
ARG_NAME = 'none' ARG_NAME = 'none'
STORAGE = KeyBlobStorage.NO_STORAGE STORAGE = KeyBlobStorage.NO_STORAGE
@ -287,7 +290,7 @@ def encrypt(self, chunk):
return b''.join([self.TYPE_STR, data]) return b''.join([self.TYPE_STR, data])
def decrypt(self, id, data, decompress=True): def decrypt(self, id, data, decompress=True):
if data[0] != self.TYPE: if data[0] not in self.TYPES_ACCEPTABLE:
id_str = bin_to_hex(id) if id is not None else '(unknown)' id_str = bin_to_hex(id) if id is not None else '(unknown)'
raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str) raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str)
payload = memoryview(data)[1:] payload = memoryview(data)[1:]
@ -367,8 +370,7 @@ def encrypt(self, chunk):
return self.cipher.encrypt(data, header=self.TYPE_STR, iv=next_iv) return self.cipher.encrypt(data, header=self.TYPE_STR, iv=next_iv)
def decrypt(self, id, data, decompress=True): def decrypt(self, id, data, decompress=True):
if not (data[0] == self.TYPE or if data[0] not in self.TYPES_ACCEPTABLE:
data[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
id_str = bin_to_hex(id) if id is not None else '(unknown)' id_str = bin_to_hex(id) if id is not None else '(unknown)'
raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str) raise IntegrityError('Chunk %s: Invalid encryption envelope' % id_str)
try: try:
@ -396,8 +398,7 @@ def init_ciphers(self, manifest_data=None):
if manifest_data is None: if manifest_data is None:
nonce = 0 nonce = 0
else: else:
if not (manifest_data[0] == self.TYPE or if manifest_data[0] not in self.TYPES_ACCEPTABLE:
manifest_data[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
raise IntegrityError('Manifest: Invalid encryption envelope') raise IntegrityError('Manifest: Invalid encryption envelope')
# manifest_blocks is a safe upper bound on the amount of cipher blocks needed # manifest_blocks is a safe upper bound on the amount of cipher blocks needed
# to encrypt the manifest. depending on the ciphersuite and overhead, it might # to encrypt the manifest. depending on the ciphersuite and overhead, it might
@ -641,6 +642,7 @@ def get_new_target(self, args):
class KeyfileKey(ID_HMAC_SHA_256, KeyfileKeyBase): class KeyfileKey(ID_HMAC_SHA_256, KeyfileKeyBase):
TYPE = 0x00 TYPE = 0x00
TYPES_ACCEPTABLE = {TYPE}
NAME = 'key file' NAME = 'key file'
ARG_NAME = 'keyfile' ARG_NAME = 'keyfile'
STORAGE = KeyBlobStorage.KEYFILE STORAGE = KeyBlobStorage.KEYFILE
@ -731,6 +733,7 @@ def save(self, target, passphrase, create=False):
class RepoKey(ID_HMAC_SHA_256, KeyfileKeyBase): class RepoKey(ID_HMAC_SHA_256, KeyfileKeyBase):
TYPE = 0x03 TYPE = 0x03
TYPES_ACCEPTABLE = {TYPE, PassphraseKey.TYPE}
NAME = 'repokey' NAME = 'repokey'
ARG_NAME = 'repokey' ARG_NAME = 'repokey'
STORAGE = KeyBlobStorage.REPO STORAGE = KeyBlobStorage.REPO
@ -770,6 +773,7 @@ def save(self, target, passphrase, create=False):
class Blake2KeyfileKey(ID_BLAKE2b_256, KeyfileKey): class Blake2KeyfileKey(ID_BLAKE2b_256, KeyfileKey):
TYPE = 0x04 TYPE = 0x04
TYPES_ACCEPTABLE = {0x04}
NAME = 'key file BLAKE2b' NAME = 'key file BLAKE2b'
ARG_NAME = 'keyfile-blake2' ARG_NAME = 'keyfile-blake2'
STORAGE = KeyBlobStorage.KEYFILE STORAGE = KeyBlobStorage.KEYFILE
@ -780,6 +784,7 @@ class Blake2KeyfileKey(ID_BLAKE2b_256, KeyfileKey):
class Blake2RepoKey(ID_BLAKE2b_256, RepoKey): class Blake2RepoKey(ID_BLAKE2b_256, RepoKey):
TYPE = 0x05 TYPE = 0x05
TYPES_ACCEPTABLE = {TYPE}
NAME = 'repokey BLAKE2b' NAME = 'repokey BLAKE2b'
ARG_NAME = 'repokey-blake2' ARG_NAME = 'repokey-blake2'
STORAGE = KeyBlobStorage.REPO STORAGE = KeyBlobStorage.REPO
@ -824,12 +829,14 @@ def decrypt(self, id, data, decompress=True):
class AuthenticatedKey(AuthenticatedKeyBase): class AuthenticatedKey(AuthenticatedKeyBase):
TYPE = 0x07 TYPE = 0x07
TYPES_ACCEPTABLE = {TYPE}
NAME = 'authenticated' NAME = 'authenticated'
ARG_NAME = 'authenticated' ARG_NAME = 'authenticated'
class Blake2AuthenticatedKey(ID_BLAKE2b_256, AuthenticatedKeyBase): class Blake2AuthenticatedKey(ID_BLAKE2b_256, AuthenticatedKeyBase):
TYPE = 0x06 TYPE = 0x06
TYPES_ACCEPTABLE = {TYPE}
NAME = 'authenticated BLAKE2b' NAME = 'authenticated BLAKE2b'
ARG_NAME = 'authenticated-blake2' ARG_NAME = 'authenticated-blake2'